LINUX.ORG.RU

RNDIS and Wireshark.



I have a device based on 2.6.30.10 with the RNDIS module (g_ether); it works fine, the network comes up. We take the latest version of Wireshark (on Windows), literally just start launching it, and the device crashes; Wireshark crashes too, by the way. I can't show the output right now since I'm not at work, but I ask you to check this, and not only on kernel 2.6.30.10.


Last edited by: splinter (total edits: 2)
Reply to: comment by riki

modprobe g_ether, usb0 appears, ifconfig usb0 10.10.10.10 netmask 255.255.255.0 up. We connect to the host with a USB cable, install the RNDIS driver on the host, give it e.g. 10.10.10.11, fire up Wireshark, and the Linux device crashes.

splinter ★★★★★
() topic author
Reply to: comment by riki
Apr 3 08:00:52 login[332]: root login on 'ttyS0'
[root@cpu-unit ~]# Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = c3c30000
[00000000] *pgd=23c2f031, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1]
Modules linked in:macb libphy g_ether atmel_usba_udc atmel_tsadcc evdev snd_atmel_ac97c snd_ac97_codec snd_pcm_oss snd_mixer_oss snd_pcm snd_page_alloc snd_timer snd ac97_bus soundcore atmel_lcdfb cfbcopyarea cfbfillrect cfbimgblt fb rtc_ds1307 rtc_core i2c_gpio i2c_algo_bit i2c_core unix system_loop upg_main upg_lib drecK evrec rt_shm wdtm
CPU: 0 Not tainted (2.6.30.10 #1)
PC is at strlen+0x18/0x2c
LR is at rndis_msg_parser+0x3b4/0x7dc [g_ether]
pc : [<c0104dec>] lr : [<bf12c93c>] psr: 20000013
sp : c3c37dc0 ip : c3c37dd0 fp : c3c37dcc
r10: c3ba92c0 r9 : c3ac922c r8 : c3ba92d4
r7 : c3ba92ec r6 : c3ba92d4 r5 : bf130ff8 r4 : 00000000
r3 : 0001010c r2 : 00000000 r1 : bf131028 r0 : 00000000
Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control: 0005317f Table: 23c30000 DAC: 00000015
Process runMidlet (pid: 309, stack limit = 0xc3c36268)
Stack: (0xc3c37dc0 to 0xc3c38000)
7dc0: c3c37df4 c3c37dd0 bf12c93c c0104de4 c3b8c220 c3b8c3a0 0000000c c3b8c220
7de0: 00000001 c3ac9210 c3c37e1c c3c37df8 bf12cd90 bf12c598 0000002a c3c37e10
7e00: bf121e9c c3b8c248 c3ac9200 0000000c c3c37e4c c3c37e20 bf121f00 bf12cd74
7e20: c005521c c3b8c220 c3ac9200 00000000 bf124210 c020c1a0 c3ac9200 00000000
7e40: c3c37eac c3c37e50 bf12253c bf121e28 00000000 00000100 c3c37e9c c3c37e68
7e60: c3ac922c 00000128 00000001 00000000 bf124220 bf124218 00000000 c0222ae0
7e80: c020c1b0 c3b8c4a0 00000000 00000000 0000001b c020c1a0 ffffffff 00000002
7ea0: c3c37ecc c3c37eb0 c005db48 bf121f70 c0208778 0000001b c0222ae0 c020c1b0
7ec0: c3c37ee4 c3c37ed0 c005f918 c005db1c 0000001b 00000000 c3c37efc c3c37ee8
7ee0: c001f054 c005f8cc 0000001e 0000001b c3c37f44 c3c37f00 c0061cc8 c001f010
7f00: c3c37f34 00000000 00000000 c0222ae4 fffffffe 00000000 00000015 c0222ae0
7f20: 0000001b c0222ae0 c020c1a8 c0224804 c0222ae0 00000001 c3c37f64 c3c37f48
7f40: c00620d8 c0061b54 c020c938 0000001b 000003c0 c0222ea0 c3c37f9c c3c37f68
7f60: c0025710 c0062048 c00201ac c0208778 fefff000 ffffffff fefff000 0000001b
7f80: 00000000 403497d0 c3c36000 405521f4 c3c37fac c3c37fa0 c00257b0 c00255d0
7fa0: 00000000 c3c37fb0 c001fd68 c0025768 40551220 001dccec 40551220 00000000
7fc0: 40552214 001d95a4 405521f0 00000000 403497d0 00000000 405521f4 40552208
7fe0: 40551220 bea09b70 0008a9dc 0008a9e4 60000010 ffffffff cc13c733 54334c37
Backtrace:
[<c0104dd4>] (strlen+0x0/0x2c) from [<bf12c93c>] (rndis_msg_parser+0x3b4/0x7dc [g_ether])
[<bf12c588>] (rndis_msg_parser+0x0/0x7dc [g_ether]) from [<bf12cd90>] (rndis_command_complete+0x2c/0x74 [g_ether])
[<bf12cd64>] (rndis_command_complete+0x0/0x74 [g_ether]) from [<bf121f00>] (receive_data+0xe8/0x148 [atmel_usba_udc])
r6:0000000c r5:c3ac9200 r4:c3b8c248
[<bf121e18>] (receive_data+0x0/0x148 [atmel_usba_udc]) from [<bf12253c>] (usba_udc_irq+0x5dc/0xcdc [atmel_usba_udc])
[<bf121f60>] (usba_udc_irq+0x0/0xcdc [atmel_usba_udc]) from [<c005db48>] (handle_IRQ_event+0x3c/0x124)
[<c005db0c>] (handle_IRQ_event+0x0/0x124) from [<c005f918>] (handle_level_irq+0x5c/0xb0)
r7:c020c1b0 r6:c0222ae0 r5:0000001b r4:c0208778
[<c005f8bc>] (handle_level_irq+0x0/0xb0) from [<c001f054>] (asm_do_IRQ+0x54/0x6c)
r5:00000000 r4:0000001b
[<c001f000>] (asm_do_IRQ+0x0/0x6c) from [<c0061cc8>] (__ipipe_sync_stage+0x184/0x268)
Exception stack(0xc3c37f00 to 0xc3c37f48)
7f00: c3c37f34 00000000 00000000 c0222ae4 fffffffe 00000000 00000015 c0222ae0
7f20: 0000001b c0222ae0 c020c1a8 c0224804 c0222ae0 00000001 c3c37f64 c3c37f48
7f40: c00620d8 c0061b54
r5:0000001b r4:0000001e
[<c0061b44>] (__ipipe_sync_stage+0x0/0x268) from [<c00620d8>] (__ipipe_walk_pipeline+0xa0/0xc8)
[<c0062038>] (__ipipe_walk_pipeline+0x0/0xc8) from [<c0025710>] (__ipipe_handle_irq+0x150/0x198)
r7:c0222ea0 r6:000003c0 r5:0000001b r4:c020c938
[<c00255c0>] (__ipipe_handle_irq+0x0/0x198) from [<c00257b0>] (__ipipe_grab_irq+0x58/0x6c)
[<c0025758>] (__ipipe_grab_irq+0x0/0x6c) from [<c001fd68>] (__irq_usr+0x48/0x94)
Code: e24cb004 e1a02000 ea000000 e2800001 (e5d03000)
Kernel panic - not syncing: Fatal exception in interrupt
Backtrace:
[<c0023e88>] (dump_backtrace+0x0/0x10c) from [<c019b390>] (dump_stack+0x18/0x1c)
r7:00000000 r6:bf000000 r5:c0104df0 r4:00000001
[<c019b378>] (dump_stack+0x0/0x1c) from [<c019b3d0>] (panic+0x3c/0x110)
[<c019b394>] (panic+0x0/0x110) from [<c0024188>] (die+0x1f4/0x238)
r3:00010000 r2:c020c1a0 r1:00000001 r0:c01dac35
[<c0023f94>] (die+0x0/0x238) from [<c0026ae4>] (__do_kernel_fault+0x6c/0x7c)
[<c0026a78>] (__do_kernel_fault+0x0/0x7c) from [<c0026da0>] (do_page_fault+0x2ac/0x2d8)
r7:c0204018 r6:c38579c0 r5:c3c37dac r4:c0203fa8
[<c0026af4>] (do_page_fault+0x0/0x2d8) from [<c001f280>] (do_DataAbort+0x38/0x11c)
[<c001f248>] (do_DataAbort+0x0/0x11c) from [<c001fb2c>] (__dabt_svc+0x4c/0x60)
Exception stack(0xc3c37d78 to 0xc3c37dc0)
7d60: 00000000 bf131028
7d80: 00000000 0001010c 00000000 bf130ff8 c3ba92d4 c3ba92ec c3ba92d4 c3ac922c
7da0: c3ba92c0 c3c37dcc c3c37dd0 c3c37dc0 bf12c93c c0104dec 20000013 ffffffff
[<c0104dd4>] (strlen+0x0/0x2c) from [<bf12c93c>] (rndis_msg_parser+0x3b4/0x7dc [g_ether])
[<bf12c588>] (rndis_msg_parser+0x0/0x7dc [g_ether]) from [<bf12cd90>] (rndis_command_complete+0x2c/0x74 [g_ether])
[<bf12cd64>] (rndis_command_complete+0x0/0x74 [g_ether]) from [<bf121f00>] (receive_data+0xe8/0x148 [atmel_usba_udc])
r6:0000000c r5:c3ac9200 r4:c3b8c248
[<bf121e18>] (receive_data+0x0/0x148 [atmel_usba_udc]) from [<bf12253c>] (usba_udc_irq+0x5dc/0xcdc [atmel_usba_udc])
[<bf121f60>] (usba_udc_irq+0x0/0xcdc [atmel_usba_udc]) from [<c005db48>] (handle_IRQ_event+0x3c/0x124)
[<c005db0c>] (handle_IRQ_event+0x0/0x124) from [<c005f918>] (handle_level_irq+0x5c/0xb0)
r7:c020c1b0 r6:c0222ae0 r5:0000001b r4:c0208778
[<c005f8bc>] (handle_level_irq+0x0/0xb0) from [<c001f054>] (asm_do_IRQ+0x54/0x6c)
r5:00000000 r4:0000001b
[<c001f000>] (asm_do_IRQ+0x0/0x6c) from [<c0061cc8>] (__ipipe_sync_stage+0x184/0x268)
Exception stack(0xc3c37f00 to 0xc3c37f48)
7f00: c3c37f34 00000000 00000000 c0222ae4 fffffffe 00000000 00000015 c0222ae0
7f20: 0000001b c0222ae0 c020c1a8 c0224804 c0222ae0 00000001 c3c37f64 c3c37f48
7f40: c00620d8 c0061b54
r5:0000001b r4:0000001e
[<c0061b44>] (__ipipe_sync_stage+0x0/0x268) from [<c00620d8>] (__ipipe_walk_pipeline+0xa0/0xc8)
[<c0062038>] (__ipipe_walk_pipeline+0x0/0xc8) from [<c0025710>] (__ipipe_handle_irq+0x150/0x198)
r7:c0222ea0 r6:000003c0 r5:0000001b r4:c020c938
[<c00255c0>] (__ipipe_handle_irq+0x0/0x198) from [<c00257b0>] (__ipipe_grab_irq+0x58/0x6c)
[<c0025758>] (__ipipe_grab_irq+0x0/0x6c) from [<c001fd68>] (__irq_usr+0x48/0x94)
splinter ★★★★★
() topic author
Last edited by: splinter (total edits: 1)
Reply to: comment by splinter

Can anyone confirm/refute this?

splinter ★★★★★
() topic author
Last edited by: splinter (total edits: 1)

In short, the problem is solved. Someone may well run into this, since the vulnerability is fairly serious, essentially remote; here is the code that fixes the problem for 2.6.3x kernels: file rndis.c:291

case OID_GEN_VENDOR_DESCRIPTION:
    pr_debug("%s: OID_GEN_VENDOR_DESCRIPTION\n", __func__);
    /* vendorDescr may be NULL: strlen() then faults, which is the oops above */
    length = strlen (rndis_per_dev_params [configNr].vendorDescr);
    memcpy (outbuf,
            rndis_per_dev_params [configNr].vendorDescr, length);
    retval = 0;
    break;

replace with:

case OID_GEN_VENDOR_DESCRIPTION:
    pr_debug("%s: OID_GEN_VENDOR_DESCRIPTION\n", __func__);
    /* only touch the description when the gadget actually set one */
    if (rndis_per_dev_params [configNr].vendorDescr) {
        length = strlen (rndis_per_dev_params [configNr].vendorDescr);
        memcpy (outbuf,
                rndis_per_dev_params [configNr].vendorDescr, length);
        retval = 0;
    }
    break;

splinter ★★★★★
() topic author
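The fix above, as an added userspace model (not the kernel's own rndis.c code): a hardened OID_GEN_VENDOR_DESCRIPTION handler that answers an unset vendorDescr with an empty reply instead of faulting in strlen(), and additionally refuses to copy more than the response buffer holds. The struct layout, the outsize check and the helper names are assumptions for this example.

```c
#include <stddef.h>
#include <string.h>

/* Userspace model of the per-configuration RNDIS parameters; the real
 * struct in drivers/usb/gadget/rndis.c has many more fields (assumption). */
struct rndis_params {
    const char *vendorDescr;   /* NULL unless the gadget driver set one */
};
#define RNDIS_MAX_CONFIGS 1
static struct rndis_params rndis_per_dev_params[RNDIS_MAX_CONFIGS];

/* Hardened OID_GEN_VENDOR_DESCRIPTION handler: never passes a NULL
 * pointer to strlen() and never copies more than outsize bytes.
 * Returns 0 and sets *length on success, -1 if the query cannot be
 * answered safely (bad config index or response buffer too small). */
static int query_vendor_description(int configNr, char *outbuf,
                                    size_t outsize, size_t *length)
{
    const char *descr;

    if (configNr < 0 || configNr >= RNDIS_MAX_CONFIGS || !outbuf || !length)
        return -1;
    descr = rndis_per_dev_params[configNr].vendorDescr;
    if (!descr) {
        /* Unset description: answer with an empty string instead of
         * dereferencing NULL, which is the oops shown in the thread. */
        *length = 0;
        if (outsize)
            outbuf[0] = '\0';
        return 0;
    }
    *length = strlen(descr);
    if (*length > outsize)
        return -1;                /* refuse rather than overrun outbuf */
    memcpy(outbuf, descr, *length);
    return 0;
}

/* Helper: install descr for config 0 and run the query into a 64-byte
 * buffer, returning the handler's result so a caller can check it. */
static int run_query(const char *descr, size_t outsize, size_t *length)
{
    char buf[64];

    if (outsize > sizeof buf)
        return -1;
    rndis_per_dev_params[0].vendorDescr = descr;
    return query_vendor_description(0, buf, outsize, length);
}
```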

By the way, the kernel also crashes from nmap. Note that the network scanners were run under Windows 7 x64; when they were run from Linux, no such problem occurred. This was probably related to the implementation of the RNDIS driver for Windows, linux64.inf; apparently VendorDescr is not passed. The driver code:

; Based on template INF file found at
;    <http://msdn.microsoft.com/en-us/library/ff570620.aspx>
; which was:
;    Copyright (c) Microsoft Corporation
; and released under the MLPL as found at:
;    <http://msdn.microsoft.com/en-us/cc300389.aspx#MLPL>.
; For use only on Windows operating systems.

[Version]
Signature           = "$Windows NT$"
Class               = Net
ClassGUID           = {4d36e972-e325-11ce-bfc1-08002be10318}
Provider            = %Linux%
DriverVer           = 06/21/2006,6.0.6000.16384

[Manufacturer]
%Linux%             = LinuxDevices,NTx86,NTamd64,NTia64

; Decoration for x86 architecture
[LinuxDevices.NTx86]
%LinuxDevice%       = RNDIS.NT.5.1, USB\VID_0525&PID_a4a2, USB\VID_1d6b&PID_0104&MI_00

; Decoration for x64 architecture
[LinuxDevices.NTamd64]
%LinuxDevice%       = RNDIS.NT.5.1, USB\VID_0525&PID_a4a2, USB\VID_1d6b&PID_0104&MI_00

; Decoration for ia64 architecture
[LinuxDevices.NTia64]
%LinuxDevice%       = RNDIS.NT.5.1, USB\VID_0525&PID_a4a2, USB\VID_1d6b&PID_0104&MI_00

;@@@ This is the common setting for setup
[ControlFlags]
ExcludeFromSelect=*

; DDInstall section
; References the in-build Netrndis.inf
[RNDIS.NT.5.1]
Characteristics     = 0x84   ; NCF_PHYSICAL + NCF_HAS_UI
BusType             = 15
; NEVER REMOVE THE FOLLOWING REFERENCE FOR NETRNDIS.INF
include             = netrndis.inf
needs               = Usb_Rndis.ndi
AddReg              = Rndis_AddReg_Vista

; DDInstal.Services section
[RNDIS.NT.5.1.Services]
include             = netrndis.inf
needs               = Usb_Rndis.ndi.Services

; Optional registry settings. You can modify as needed.
[RNDIS_AddReg_Vista]
HKR, NDI\params\VistaProperty, ParamDesc,  0, %Vista_Property%
HKR, NDI\params\VistaProperty, type,       0, "edit"
HKR, NDI\params\VistaProperty, LimitText,  0, "12"
HKR, NDI\params\VistaProperty, UpperCase,  0, "1"
HKR, NDI\params\VistaProperty, default,    0, " "
HKR, NDI\params\VistaProperty, optional,   0, "1"

; No sys copyfiles - the sys files are already in-build
; (part of the operating system).
; We do not support XP SP1-, 2003 SP1-, ME, 9x.

[Strings]
Linux                 = "Linux Developer Community"
LinuxDevice           = "Linux USB Ethernet/RNDIS Gadget"
Vista_Property        = "Optional Vista Property"

splinter ★★★★★
() topic author